In a pump-and-dump attack, spammers raise the stock prices of companies they own shares in by sending spammed messages with misleading or outright untrue positive news about the said companies. Once the companies’ real stock prices have sufficiently risen, the spammers will then sell or dump their own shares to gain profit.

TrendLabs engineers, however, recently saw the recent comeback of this tactic hit the popular VoIP application, Skype. Spammers used the application’s instant-messaging (IM) feature to send the pump-and-dump spammed messages below.

Spammers tried to promote two companies—EcoBlu Products, Inc. and Terra Energy & Resource. Like other spam runs using IM applications, Skype users received these email messages from users who were not in their lists of contacts.

As usual, we urge users not to click any link in messages sent via email or IM applications that come from people they do not know.

Trend Micro™ Smart Protection Network™ protects product users from this threat by preventing the spammed messages from reaching their inboxes via the email reputation service and by blocking access to malicious sites via the Web reputation service.

Non-Trend Micro product users, on the other hand, can also keep their systems safe by using free tools like eMail ID, a browser plug-in that helps identify legitimate email messages in your inboxes.

Learn how to protect Enterprises, Small Businesses, and Home Users from ransomware:

Security Predictions for 2018

Attackers are banking on network vulnerabilities and inherent weaknesses to facilitate massive malware attacks, IoT hacks, and operational disruptions. The ever-shifting threats and increasingly expanding attack surface will challenge users and enterprises to catch up with their security.Read our security predictions for 2018.

Business Process Compromise

Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more,
read our Security 101: Business Process Compromise.